[
https://issues.apache.org/jira/browse/RANGER-3574?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sailaja Polavarapu reassigned RANGER-3574:
------------------------------------------
Assignee: Sailaja Polavarapu
> Group-role mapping in Ranger Admin doesn't work
> -----------------------------------------------
>
> Key: RANGER-3574
> URL: https://issues.apache.org/jira/browse/RANGER-3574
> Project: Ranger
> Issue Type: Bug
> Components: admin
> Reporter: Andre Araujo
> Assignee: Sailaja Polavarapu
> Priority: Major
>
> The intent of the Ranger Admin properties
> {{ranger.ldap.group.searchbase}}, {{ranger.ldap.group.searchfilter}} and
> {{ranger.ldap.group.roleattribute}} is to provide a mechanism to map the
> user's LDAP groups to Ranger roles dynamically. For example, if the user
> belongs to the LDAP group {{sys_admin}}, it will automatically be
> assigned to the {{ROLE_SYS_ADMIN}} role in Ranger.
> The
> [{{RangerAuthenticationProvider.getLdapAuthentication()}}|https://github.com/apache/ranger/blob/e9b1e1d5f2009e90c6bbf912d5039bdafe319a5c/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java#L185]
> and
> [{{RangerAuthenticationProvider.getLdapBindAuthentication()}}|https://github.com/apache/ranger/blob/e9b1e1d5f2009e90c6bbf912d5039bdafe319a5c/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java#L512]
> methods define the parameters above and use them to correctly configure a
> {{DefaultLdapAuthoritiesPopulator}}.
> The configured populator, though, is never used to fetch the
> {{GrantedAuthorities}} from LDAP. The [{{getAuthorities()}}
> method|https://github.com/apache/ranger/blob/e9b1e1d5f2009e90c6bbf912d5039bdafe319a5c/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java#L639-L646]
> simply returns the roles assigned in Ranger and completely ignores the
> populator configured previously.
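The behaviour described in the report above, modelled with plain JDK types as an added example; it is not part of the original message and is not Ranger's code. The class and method names, the user `alice` and the role data are constructed for illustration, and merging the two role sources is only one possible reading of the intended behaviour.

```java
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

public class GroupRoleMappingDemo {
    // Constructed stand-in for the group search the configured populator would run against LDAP.
    static final Map<String, List<String>> LDAP_GROUPS = Map.of("alice", List.of("sys_admin"));
    // Constructed stand-in for the roles assigned to the user inside Ranger.
    static final Map<String, List<String>> RANGER_ROLES = Map.of("alice", List.of("ROLE_USER"));

    // Group name -> authority, following DefaultLdapAuthoritiesPopulator's defaults:
    // the role attribute value is upper-cased and prefixed with "ROLE_".
    static Set<String> ldapAuthorities(String user) {
        Set<String> out = new TreeSet<>();
        for (String group : LDAP_GROUPS.getOrDefault(user, List.of())) {
            out.add("ROLE_" + group.toUpperCase(Locale.ROOT));
        }
        return out;
    }

    // Behaviour as reported: only the roles assigned in Ranger are returned,
    // the LDAP-derived authorities are never consulted.
    static Set<String> authoritiesAsReported(String user) {
        return new TreeSet<>(RANGER_ROLES.getOrDefault(user, List.of()));
    }

    // Assumption: the intended result is the union of both sources.
    static Set<String> authoritiesWithGroupMapping(String user) {
        Set<String> out = authoritiesAsReported(user);
        out.addAll(ldapAuthorities(user));
        return out;
    }

    // Regression check: LDAP-derived roles that are absent from the effective set.
    static Set<String> missingGroupRoles(String user, Set<String> effective) {
        Set<String> missing = ldapAuthorities(user);
        missing.removeAll(effective);
        return missing;
    }

    public static void main(String[] args) {
        Set<String> reported = authoritiesAsReported("alice");
        Set<String> merged = authoritiesWithGroupMapping("alice");
        System.out.println("as reported: " + reported + " missing: " + missingGroupRoles("alice", reported));
        System.out.println("with mapping: " + merged + " missing: " + missingGroupRoles("alice", merged));
    }
}
```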